CVE-2010-2041

Name of the Vulnerable Software and Affected Versions PHP-Calendar versions prior to 2.0 Beta7

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the description and lastaction parameters in the index.php file.

Recommendations For versions prior to 2.0 Beta7, update to version 2.0 Beta7 or later to resolve the issue. As a temporary workaround, consider restricting user input for the description and lastaction parameters to minimize the risk of exploitation.